#22496 closed defect (fixed)

Check that updater changes coming with Firefox 52.2.0esr are unproblematic for Tor Browser

Reported by: gk
Owned by: mcs
Priority: High
Milestone:
Component: Applications/Tor Browser
Version:
Severity: Normal
Keywords: TorBrowserTeam201706
Cc: brade, tbb-team
Actual Points:
Parent ID:
Points:
Reviewer:
Sponsor:

Description

There are a bunch of code changes regarding the updater code that are not in Firefox 52.1.xesr but are in Firefox 52.2.0esr (or code that could become that version).

Here are some of the changesets we should double check:

https://hg.mozilla.org/releases/mozilla-esr52/rev/e72789cd4486e5d309a127b6790398ca4689f44b
https://hg.mozilla.org/releases/mozilla-esr52/rev/fe41acbfab790675cee9f7305b7ca0db2ca6637b

https://hg.mozilla.org/releases/mozilla-esr52/rev/61066f53c6e0234c2f55ae43329d4b8d2b7b3b57
https://hg.mozilla.org/releases/mozilla-esr52/rev/c15b2a5abf1ca5c4169ef6340be56a25b5ec4f45

https://hg.mozilla.org/releases/mozilla-esr52/rev/3a49fe1696720a9586e37ab5d37d886987820b46

There might be more. Skimming over them, I think we should be unaffected, as they are maintenance-service related, which we disable. But I might have missed other changesets or read the code wrongly. mcs: I have access to the two security bugs. If you need further information, let me know.


Change History (4)

comment:1 Changed 19 months ago by mcs

[I thought I posted this comment yesterday, but just found out that I did not]

Kathy and I found a few more commits by looking at all recent changes that affected toolkit/xre/nsUpdateDriver.cpp as well as any files under the following subdirectories:

  • tools/update-packaging
  • toolkit/components/maintenanceservice
  • toolkit/mozapps/update

Here are the additional ones we found:
https://hg.mozilla.org/releases/mozilla-esr52/rev/8bbc7b586d68b601e5b21807db4b8d91ea667ad7
https://hg.mozilla.org/releases/mozilla-esr52/rev/b04be5703bd74e276a1403d80c185ceb6f1ca8c9
https://hg.mozilla.org/releases/mozilla-esr52/rev/6c8b3865e0baa862a9c6d9207eaf3280418c226e
https://hg.mozilla.org/releases/mozilla-esr52/rev/aab0d0823210a157941c945a5234ccbf0dd7898c

We reviewed all of the changes (well, we mostly ignored the changes to the tests since we don't currently run automated tests against the updater code). Kathy and I do not think these changes will break anything in Tor Browser, but some of the changes are extensive enough that we feel like we should do some testing once you have created a tor-browser branch that is based on the 52.2.0esr code. Please let us know when such a branch is available.

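The scoping step described in comment:1 (find every changeset that touches the updater paths, then set test-only changes aside), as an added example that is not part of the ticket or of any Tor Browser tooling. The input format (node, tab, space-separated file list), the sample changesets and the rule for recognising test paths are assumptions made for the illustration.

```python
from pathlib import PurePosixPath

# Paths the reviewers in comment:1 looked at (taken from the ticket).
WATCHED_FILES = {"toolkit/xre/nsUpdateDriver.cpp"}
WATCHED_DIRS = (
    "tools/update-packaging",
    "toolkit/components/maintenanceservice",
    "toolkit/mozapps/update",
)

def is_watched(path):
    """True if path is the watched file or lies under a watched directory."""
    p = PurePosixPath(path)
    if str(p) in WATCHED_FILES:
        return True
    # Compare whole path components, so "toolkit/mozapps/updater_x" is not
    # mistaken for a child of "toolkit/mozapps/update".
    return any(PurePosixPath(d) in p.parents for d in WATCHED_DIRS)

def is_test(path):
    """Assumption: a 'test' or 'tests' path component marks test code."""
    return any(part in ("test", "tests") for part in PurePosixPath(path).parts)

def triage(log_text):
    """Parse 'node<TAB>file file ...' lines (assumed format, no spaces in
    file names) and return {node: (code_files, test_files)} for every
    changeset that touches a watched path."""
    result = {}
    for line in log_text.splitlines():
        node, _, files = line.partition("\t")
        hits = [f for f in files.split() if is_watched(f)]
        if hits:
            code = sorted(f for f in hits if not is_test(f))
            tests = sorted(f for f in hits if is_test(f))
            result[node] = (code, tests)
    return result

# Constructed sample: node ids and file lists are made up, not real changesets.
SAMPLE_LOG = (
    "aaaaaaaaaaaa\ttoolkit/xre/nsUpdateDriver.cpp browser/app/profile/firefox.js\n"
    "bbbbbbbbbbbb\ttoolkit/mozapps/update/tests/unit_aus_update/sample.js\n"
    "cccccccccccc\ttoolkit/mozapps/updater_unrelated/foo.cpp dom/base/nsDocument.cpp\n"
    "dddddddddddd\ttoolkit/components/maintenanceservice/workmonitor.cpp\n"
)

if __name__ == "__main__":
    for node, (code, tests) in triage(SAMPLE_LOG).items():
        print(node, "review" if code else "tests only", code or tests)
```
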

comment:2 in reply to:  1 Changed 19 months ago by gk

Replying to mcs:

For posterity, tor-browser-52.2.0esr-7.0-1 is available, even though it seems we might need a -2 to pick additional changes up...

comment:3 Changed 19 months ago by brade

Kathy and I did some quick updater "smoke tests" using our own tor-browser-52.2.0esr-7.0-1 builds on Linux64 and macOS. We did not find any problems. I kicked off a Windows build, but that one is gitian-based and will take a while. Assuming the build succeeds, we will test it on Friday morning EST.

comment:4 Changed 18 months ago by mcs

Resolution: fixed
Status: new → closed

Kathy and I finished our testing. We skipped testing Linux 32-bit since the code, system APIs, and behavior should be identical to Linux 64-bit (or nearly so). I think we are done here.
